Do not track unless the user has consented, could present headaches for Facebook and Google
A privacy proposal proposal presented by the European Union executive on Tuesday could potentially dent the wallets of companies such as Facebook, Google and Microsoft.
The document proposes tougher rules for tech firms to obey if they want to track the online surfing habits of their customers, a move that could potentially impact these tech firms lucrative advertising revenue streams.
Under the new rules, tech firms will have to guarantee the confidentiality of their customers’ conversations and get their consent before tracking them online in order to serve them personalised adverts.
“The ePrivacy Directive ensures the protection of fundamental rights and freedoms, in particular the respect for private life, confidentiality of communications and the protection of personal data in the electronic communications sector,” says the EU document.
The issue of privacy remains a touchy subject in today’s connected world. For example, free online services such as Gmail or Hotmail currently scan customer emails to serve them targeted ads, without obtaining the explicit agreement of the user. It should be noted that tech firms use the advertising revenue this generates in order to offer the services for free.
But the European Commission states that Europeans are concerned about their privacy, and cites a recent Eurobarometer survey that showed that 92 percent of respondents say it is important or very important that personal information on their computer, smartphone or tablet can only be accessed with their permission.
Additionally also 92 percent state that it is important or very important that the confidentiality of their emails and online instant messaging is guaranteed.
In essence, the European Commission is proposing a number of changes.
Firstly, tech firms have to ensure that all electronic communications must be confidential. “Listening to, tapping, intercepting, scanning and storing of for example, text messages, emails or voice calls will not be allowed without the consent of the user,” it said.
Secondly, the proposal also seeks to ensure users’ online behaviour has to be guaranteed. “Consent is required to access information on a user’s device – the so-called terminal equipment. Users also need to agree to websites using cookies or other technologies to access information stored on their computers or to track their online behaviour.”
And thirdly the EU wants any processing of communications content and metadata to be subjected to explicit consent: “Privacy is guaranteed for content of communication as well as metadata – for example who was called, the timing, location and duration of the call, as well as websites visited.”
Finally, it wants spam and direct marketing communications to require prior consent, regardless of the technology used (e.g. automated calling machines, SMS, or email). This means that users must give consent before unsolicited commercial communications is addressed to them.
“Our proposals will complete the EU data protection framework,” said first VP Timmermans said. “They will ensure that the privacy of electronic communications is protected by up to date and effective rules, and that European institutions will apply the same high standards that we expect from our Member States.”
“Our proposals will deliver the trust in the Digital Single Market that people expect,” said Andrus Ansip, VP for the Digital Single Market.
“I want to ensure confidentiality of electronic communications and privacy. Our draft ePrivacy Regulation strikes the right balance: it provides a high level of protection for consumers, while allowing businesses to innovate,” he added.
The proposal needs to be approved by the European Parliament and member states before it can become law.
But it remains to be seen how the tech industry will respond to the proposals.